Certs are valid, I will check what you mentioned.
I'm also no fan of bundles, more the seperate files but this doesn't
seem to work always. At least for the CAroot a bundle was required.

Advertising

Matt
2017-02-14 14:51 GMT+01:00 Sullivan, Daniel [CRI] <dsulliv...@bsd.uchicago.edu>:
> Have you validated the cert (and dumped the contents) from the command line
> using the openssl tools? I’ve seen the message you are seeing before, for
> some reason I seem to remember that it has to do with either a missing or an
> extra - at either the -----BEGIN CERTIFICATE---- or -----END CERTIFICATE----
> (an error from copy and pasting and not copying the actual file).
>
> I’ve never used certupdate so if what is described above doesn’t help
> somebody else will have to chime in.
>
> Dan
>
>> On Feb 14, 2017, at 2:18 AM, Matt . <yamakasi....@gmail.com> wrote:
>>
>> Hi Dan,
>>
>> Ues i have tried that and I get the message that it misses the full
>> chain for the certificate.
>>
>> My issue is more, why is the Server-Cert being removed on a certupdate ?
>>
>> Cheers,
>>
>> Matt
>>
>> 2017-02-14 2:18 GMT+01:00 Sullivan, Daniel [CRI]
>> <dsulliv...@bsd.uchicago.edu>:
>>> Is the chain in mydomain_com_bundle.crt? Have you tried it with the cert
>>> only (disclaimer: I’ve never done this).
>>>
>>> Dan
>>>
>>>> On Feb 13, 2017, at 4:08 PM, Matt . <yamakasi....@gmail.com> wrote:
>>>>
>>>> Hi Guys,
>>>>
>>>> I'm trying to install a 3rd party certificate using:
>>>>
>>>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP#Procedure_in_current_IPA
>>>>
>>>> When I run the install command for the certificate itself:
>>>>
>>>> ]# ipa-server-certinstall -w -d mydomain_com.key mydomain_com_bundle.crt
>>>> Directory Manager password:
>>>>
>>>> Enter private key unlock password:
>>>>
>>>> list index out of range
>>>> The ipa-server-certinstall command failed.
>>>>
>>>>
>>>> If I do a #ipa-certupdate the Server-Cert is removed from
>>>> /etc/httpd/alias and the install fails because of this.
>>>>
>>>> What can I do to solve this ?
>>>>
>>>> Thanks,
>>>>
>>>> Matt
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project